Security

Hello,

I am having trouble getting MAC-Auth to work through my Guest SSID. I am using MACTrac to enter a mac address tied to a user account. With the mac of a device added it does not use this service to authenticate. The devices comes through a lower service using "WebAuth" authentication where it fails because it's unexpected.  Below I will post screen captures of my service, role map, and enforcement policies.  What am I missing? Or is it my configuration on the controller? Can anyone point me in the right direction? Thanks

Alright so I am trying this but the device I have to test with is not reauthenticating. Any tips on forcing it to reauthenticate? 

So here is what I'm seeing. 

My first device is a game console. It joins the SSID and it initally WebAuth, it is accepted but no Mac Auth.

My second device is an android tablet. It joins the SSID initally WebAuth then it authenticates 5 - 10 seconds later as MacAuth.  

Any idea why WebAuth might be happening first?

Can you point me to any documentation on setting this up? I followed this guide (How-To: Advanced MACTrac designs in ClearPass November-MHC) but I feel like I must be missing a step between the controller and clearpass.

Would upgrading to 6.5 give me any benefit in this setup? I planned to upgrade to 6.5 later this month. 

Sounds like your services might be missing something. A MAC-auth only device should never web auth.

Can you export your two services and post here or email to me?

Did you enable Insight under server settings? Looks like you are using the pre-6.5 methods for MAC Caching as Days-Since-Auth and the other caching is using Insight.

Not sure if this really affects what you are trying to do, but it's worth noting.